Hi James, Take a look at this URL:
https://stackoverflow.com/questions/64721644/javax-net-ssl-sslprotocolexception-the-certificate-chain-length-11-exceeds-th It may help, Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -----Original Message----- > From: James H. H. Lampert <jam...@touchtonecorp.com.INVALID> > Sent: Thursday, May 18, 2023 3:01 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: AW: Too many certificates in chain?!? Help! > > On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote: > > Which version of tomcat do you use? > > Is the stack trace truncated in your mail? Is there a "caused by ..." > > further > down the stacktrace? > > > > It looks like the error is thrown deeper in SSLUtil when creating the ssl > context. > > Maybe you can post the full stack trace. > > It just gets weirder. > > FYI, The customer box is on Tomcat 8.5.73, running under IBM Java > 8.0.7.20 - pap6480sr7fp20-20221020_01(SR7 FP20), under OS/400 V7R3M0. > > I fired up one of our on-site AS/400s (V6R1M0), with a Tomcat server > (7.0.108, running under Java 6), and started plugging in keystores. > First, I plugged in the initial self-signed keystore. No problem; launched > just > fine. Then I plugged in the signed-and-chained keystore. > Still no problem; launched just fine. Then I plugged in a copy of the signed- > and-chained keystore that I'd sent back from the customer box. > STILL no problem! > > I also did a "keytool -list -v -keystore xxxxx.ks" on both the new keystore > and > the one that worked, on my own Mac. No problems at all, and they looked > very similar. But when I tried doing it on the customer AS/400, I got very > similar error messages to what's in catalina.out. > > I don't ordinarily send attachments to list servers, but the "how to ask > questions the smart way" said it should be OK, if small and relevant, and > stacktraces tend to get a bit garbled if sent inline, so I've attached a brief > catalina.out excerpt. > > -- > JHHL
